WCF REST Error 401.3 in PUT and DELETE methods but not in GET and POST

Question

I'm going mad with this. I have a WCF web service hosted in a windows server 2012 with IIS 8. The connection is over ssl and I have a self-signed certificate but it's ok because it's for an internal use.

I created a GET method and a POST method. Both runs perfectly from fiddler and from our private android app. Now my partner creates the PUT and DELETE methods and the http response is 401 for both of them. All four methods are located in the same service file. I've checked the server logs and the substatus was 3.

I have investigated the 401.3 and all case scenarios I've seen were all methods failed 'cause the error says that you have no access to the resource.

Now, how can it be that I can access one resource to reach one method, but not the same resource to reach another?

Here's the interface:

[ServiceContract]
public interface IService1
{
    [OperationContract]
    [WebGet(UriTemplate = "Date",
        ResponseFormat = WebMessageFormat.Json,
        RequestFormat = WebMessageFormat.Json,
        BodyStyle = WebMessageBodyStyle.WrappedRequest)]
    string GetCurrentDate();

    [OperationContract]
    [WebInvoke(UriTemplate = "AddPlayer",
        Method = "POST", 
        ResponseFormat = WebMessageFormat.Json, 
        RequestFormat = WebMessageFormat.Json,
        BodyStyle = WebMessageBodyStyle.Bare)]
    Result Insert(Player newPlayer);

    [OperationContract]
    [WebInvoke(UriTemplate = "UpdatePlayer",
        Method = "PUT",
        ResponseFormat = WebMessageFormat.Json,
        RequestFormat = WebMessageFormat.Json,
        BodyStyle = WebMessageBodyStyle.Bare)]
    Result Update(Player updatePlayer);

    [OperationContract]
    [WebInvoke(UriTemplate = "DeletePlayer/{accountId}",
        Method = "DELETE",
        ResponseFormat = WebMessageFormat.Json,
        BodyStyle = WebMessageBodyStyle.Bare)]
    Result Delete(string accountId);
}

Here's the request for PUT and DELETE I tried in Fiddler:

PUT (service url)/UpdatePlayer HTTP/1.1  
User-Agent: Fiddler  
Host: (host)  
Content-Type: application/json  

{"account":"MrFoo", "nick":"", "isOnline":"1", "lat":"", "long":"", 
 "latHome":"", "longHome":""}

-------------------------------------

DELETE (service url)/DeletePlayer/MrFoo HTTP/1.1  
User-Agent: Fiddler  
Host: (host)  
Content-Type: text/html

Update: this is the thread where the solution is to grant privileges to users, wich I did.

Answer 1

We solved the problem. It's as silly as not having defined the ssl authentication method yet. If you add <authentication mode="None" />, just to test, all methods works fine.

We will add an authentication method soon but I would love to know why get and post didn't care about setting up or not an authentication method while put and delete do care.

Answer 2

I had the same problem and solved it adding to web.config

<system.web>
    <authentication mode="None" />
  </system.web>

I don't know what happened, i didn't do anything, anyone know why? Maybe an actualization of web server.